NTS Exposes Extremely Private Data of Every Applicant Out in the Open!

Another day, and we have another local firm that isn’t taking its privacy seriously. NTS, the leading testing service in the country, is exposing private information of each and every applicant out in the open world wide web.

This information stored on NTS servers, for several hundred thousand students, is exposed to the world that includes extremely private data including names, father name, passwords, home addresses and what not.

The information which can be accessed is as follows:

Deposit ID

Name

Father Name

Email

NIC

Password

Auth ID

Test City

Subject

Passport

Gender

Date of Birth

Address

City

District

Mobile Phone

We do not want to publicize the exact format of the URL due to the sensitive nature of the information but here’s a screenshot.

We were able to access information of hundreds of candidates and we are sure that anyone with moderate technical knowledge could quickly build a database with the available data.

Frankly, it is absolutely incredible that an organization raking in money by the bucket loads can’t even be bothered to properly secure its servers. Even if they do, there must be a better way to store information than in plain text PDFs, that are easily accessible.

Security is often not even factored into the equation in most companies. Quality assurance is one of the most critical areas for any organization that relies on the internet or computers and it’s time that fact is widely recognized in Pakistan.

We call upon NTS to give due attention to this matter and resolve this gaping security hole at once.

No wonder you will see tons of ads on this semi government website, hinting that the people running and maintaining this website are more concerned about the money and not about the look and feel and other important aspects of the website.

0

Shares

Najam

Another Rasgulla for our Parha Likha Pakistan.

ras gulla

NTS is a pure moneymaking machine with no accountability

Ishtiaq

Although you have not published the full url here, but anyone with little knowledge about web can easily find all this data, It will take few code changes to secure this data, But I know they will still not do anything, just like many other organisation in Pakistan, no one cares to protect personal data of their users . :(

Samina

How?

faizanfarhat

Yes, i am currently downloading some 13K data records :)

‘Arsh Hussain

How??

irfan

plz share link to

03444260270

Achilles Khalil

NTS should be ban in Pakistan and shut it down its leeching money from every one with no cause

Ali Shanzy

100% agree…its bulsh*t service..they just earning money i was thinking about why no one talks about NTS so called service who is just earning money nothning more…..nice to c this post..

You know what’s even more interesting? Most of us have just one password for all the accounts.. so i wont be surprised if the password used over there would be the same password of their email, facebook and other important accounts..

faulty

well if you have only one password for your account then its your fault :P

ZebThakur

NTS is “Employment for Unemployed “

Ishaque Dahot

The Web Developer Don’t know How to Prevent a Directory Listing of Your Website.

Wow what a find! pretty easy to get the list. And most notrious ppl must have taken it.

Saqib

NTS is a subsidiary of COMSATS which claims to be the best IT university of Pakistan, to phir best IT university ne kesa diya?!

Shahid Saleem

edX, udacity, coursera.

Mega Mind

For NAB recruitment, they registered 75000 candidates on just 200 seats. Each candidate had to submit 500- Approx for the test. so total earning for NTS was 37,500,000-. The test based on mathematics , english nothing related to the post and your qualification Good job Govt. of Pakistan!

idiot

almost every university earns the same amount of money during admission process every year. do you go against all universities? do u sue them? do you stop getting admissions in those universities?

WaridLTE

I will support any step or movement to get rid of this looting mafia called NTS.

pakirambo

I just found a file that has over 180,000 Records of just one Position Oh God they have it in excel all the data with cell no. to address and what not. They should be sued

Agha

cell no wali file kidr hy :/ i found with F.Names and CNICs

abc

03215011028 link to msg kar do

hello

can u share it with us so we can together sue them.

Ali Ahmad

And they even have a ‘Privacy page’ – Everyone, please read it. It sounds amusing now.

Just visited their websites from mobile. Its full of annoying ads, popups and nothing else. Never seen this on any govt/institutional website before. The webmaster should be investigated.

ZebThakur

NTS is “Employment from Unemployed “

Hassan Khan

NTS, should be banned and an alternative service should be offered my cousin has spend lots of money on these tests, and gets nothing, he has applied for various govt. jobs clears the test but some times doesnt come on merit or whatever. NTS is leech it is sucking money out of our people. True that NTS is “Employment for the unemployed”.

grapes are sour

this means that theres a problem with your cousin, not with nts

guest

and when i tried to do it they hide it fagoots

as

still working just need to use brain

guest

i went to dir but couldnt find that file i uesd my brain for 2 hours on thi ssheet

hacker

They have removed it. Not accessible now.

King

This is totally unacceptable! A few simple steps can avoid such disaster, but they have other priorities than securing people’s data. Govt should implement data/privacy regulations and take serious action against such organizations.

Nadeem

Totally fake. Nothing accessed. I tried.

guest

grapes are sour…..

FakePersona0

It just boggles my mind of the idiocracy in Pakistan. Although the pdf(s) are not Hot-linked any more but a google webcache is still present. And we all know, female(s) details will be most people after…

FakePersona0

site:nts _org_pk filetype:pdf deposit id

Salman Qamar

Fixed Now. I checked

Hasnain Aali

still accessible via webcache

F&&K NTS

#WTF I tired two random ids and was able to login successfully. I can’t believe this. Just imagine what those evil minds will do. We should tell our friends who appeared in NTS to change their password immediately.

@MustRead

@syed_talal You should have removed the .pdf from link, kindly remove that now and delete this comment after… All of the data is still accessible, if you can contact nts then you should definitely approach.